VIR Vulnerability Intelligence Relay

Package impact

php Packagist / phpoffice/phpspreadsheet

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-34084 critical 9.8 9.8 28d ago PhpSpreadsheet has SSRF/RCE in IOFactory::load when $filename is user controlled php
CVE-2026-40902 high 7.5 7.5 28d ago PhpSpreadsheet has CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions php
CVE-2026-40863 high 7.5 7.5 28d ago PhpSpreadsheet has CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader php
CVE-2026-40296 medium 5.4 5.4 29d ago PhpSpreadsheet has XSS via number format code with @ text placeholder bypasses htmlspecialchars in HTML writer php
CVE-2026-35453 medium 5.4 5.4 29d ago PhpSpreadsheet has XSS via NumberFormat @ Text Substitution in HTML Writer php